Skip to content

feat: support CC upstream hook bridge updates (SessionStart returns + MessageDisplay event) #4522

Open
Open
feat: support CC upstream hook bridge updates (SessionStart returns + MessageDisplay event)#4522
Labels
P2backendcienhancementNew feature or requestin-progressIssue is actively being worked ontests
@OneStepAt4time

Description

@OneStepAt4time
OneStepAt4time
opened on May 30, 2026

Summary

Claude Code v2.1.152 introduced two hook bridge changes that Aegis needs to support.

Changes Required

1. SessionStart hook: new return fields

CC v2.1.152 added two optional return fields to SessionStart hook responses:

  • reloadSkills: true — re-scans skill directories, making skills installed by the hook available in the same session
  • hookSpecificOutput.sessionTitle — sets the session title on startup and resume

Current Aegis behavior: POST /v1/hooks/SessionStart returns a response, but we may not parse/forward these new fields.

Required: Aegis hook bridge must:

  1. Parse reloadSkills from hook response and trigger skill re-scan if true
  2. Parse hookSpecificOutput.sessionTitle and update session metadata
  3. Forward both fields to the CC runner subprocess

2. New MessageDisplay hook event

CC v2.1.152 added a new hook event type: MessageDisplay

  • Lets hooks transform or hide assistant message text as it is displayed
  • Similar to existing hook events (PreToolUse, PostToolUse, Stop, etc.)

Current Aegis behavior: POST /v1/hooks/MessageDisplay likely returns 404 or unhandled.

Required: Aegis hook bridge must:

  1. Accept POST /v1/hooks/MessageDisplay as a valid hook event
  2. Forward the event to registered hook handlers
  3. Apply hookSpecificOutput transformations to the displayed message

Source

Detected during CC CHANGELOG scan (v2.1.145 → v2.1.158) by Scribe, 2026-05-30.
Full analysis: references/cc-upstream-impact-analysis.md

Acceptance Criteria

  • POST /v1/hooks/SessionStart response parsing handles reloadSkills and sessionTitle
  • POST /v1/hooks/MessageDisplay is a supported event type
  • Hook response forwarding works for both new fields
  • Backward compatible — existing hooks unaffected
  • Tests: hook bridge with new fields, unknown fields ignored gracefully

Priority

P2 — not blocking #3971 or #3180, but needed for CC upstream compatibility.
Assign to whoever is free after #3971 ships.

Additional Scope (Boss decision, 2026-05-30)

3. Permission mode override — security boundary

CC v2.1.143 persists --dangerously-skip-permissions across retire→wake. Aegis must never inherit CC's persisted permission state.

Required:

  • Every CC session spawn MUST include --permission-mode <mode> derived from agent's effective permissions
  • --dangerously-skip-permissions is NEVER passed by Aegis
  • Aegis sets permission mode fresh on every spawn — ignores CC's persistence
  • @Themis to flag in next security review

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2backendcienhancementNew feature or requestin-progressIssue is actively being worked ontests

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions